Maintenance Releases and Patches for Mitigation of Log4j vulnerabilities

Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046

The vulnerabilities are considered a medium risk for JobScheduler users. No active exploits are known.

Maintenance Releases include fixes for both vulnerabilities and are available for:

• Release 2.1.3 

Maintenance Releases will be available during this week with

• Release 1.13.10
• Release 1.12.15

Patches are available for

• Releases 1.13.3 - 1.13.9
• Releases 1.12.12 - 1.12.14

Find instructions how to mitigate the Log4j vulnerability and how to apply patches from

• JOC-1186: Update log4j2 2.15.0 to 2.16.0 due to 3rd party vulnerability issue in log4j2 2.15.0 (CVE-2021-45046)